Update grafana chart to 6.31.5 (Grafana 7.5.16) This is required to be compatible with Kubernetes 1.22+. Change-Id: I4d1eb753cf14df19f46e9aade29ce1a590040e37
diff --git a/charts/grafana/Version b/charts/grafana/Version
index ca06394..efb48db 100644
--- a/charts/grafana/Version
+++ b/charts/grafana/Version
@@ -1 +1 @@
-6.2.2
+6.31.1
diff --git a/charts/grafana/grafana.yaml b/charts/grafana/grafana.yaml
index 42085de..c1d9ab5 100644
--- a/charts/grafana/grafana.yaml
+++ b/charts/grafana/grafana.yaml
@@ -19,11 +19,32 @@ create: true name: nameTest: +## Service account annotations. Can be templated. # annotations: # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + autoMount: true replicas: 1 +## Create a headless service for the deployment +headlessService: false + +## Create HorizontalPodAutoscaler object for deployment type +# +autoscaling: + enabled: false +# minReplicas: 1 +# maxReplicas: 10 +# metrics: +# - type: Resource +# resource: +# name: cpu +# targetAverageUtilization: 60 +# - type: Resource +# resource: +# name: memory +# targetAverageUtilization: 60 + ## See `kubectl explain poddisruptionbudget.spec` for more ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ podDisruptionBudget: {} @@ -55,13 +76,15 @@ image: repository: grafana/grafana - tag: 7.3.5 - sha: "f129cbbe45d1af23d13cb3ba4cbb1fd6f5d937af4880de9a61e8e6c7d548184e" + # Overrides the Grafana image tag whose default is the chart appVersion + tag: 7.5.16 + sha: "a7bdee2d72187ffe16dfd6079a89c39ca97a807df0987dd0d81ca87c616c2bd5" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Can be templated. ## # pullSecrets: # - myRegistrKeySecretName @@ -69,7 +92,7 @@ testFramework: enabled: true image: "bats/bats" - tag: "v1.1.0" + tag: "v1.4.1" imagePullPolicy: IfNotPresent securityContext: {} @@ -81,6 +104,8 @@ containerSecurityContext: {} +# Extra configmaps to mount in grafana pods +# Values are templated. extraConfigmapMounts: [] # - name: certs-configmap # mountPath: /etc/grafana/ssl/ @@ -93,6 +118,8 @@ # - name: provisioning-notifiers # mountPath: /etc/grafana/provisioning/notifiers +# Apply extra labels to common labels. +extraLabels: {} ## Assign a PriorityClassName to pods if set # priorityClassName: 
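Review bot: In the image hunk (-55,13 +76,15) the new comment says `tag` overrides the chart's appVersion default, but nothing records why Grafana is held at `7.5.16` instead of that default. 7.5.x is an old release line, so its security-fix status should be confirmed before this ships. A line such as `# held at 7.5.x deliberately; re-check support status and regenerate sha when bumping` above `tag:` would make the pin auditable. Separately, the commit title says chart 6.31.5 while `charts/grafana/Version` is set to `6.31.1`; one of the two is presumably wrong, which matters when these values are later compared against upstream.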
@@ -105,6 +132,7 @@ downloadDashboards: env: {} + envFromSecret: "" resources: {} ## Pod Annotations @@ -124,6 +152,7 @@ ## ref: http://kubernetes.io/docs/user-guide/services/ ## service: + enabled: true type: ClusterIP port: 80 targetPort: 3000 @@ -170,6 +199,10 @@ # kubernetes.io/tls-acme: "true" labels: {} path: / + + # pathType is only for k8s >= 1.1= + pathType: Prefix + hosts: - #@ data.values.monitoring.grafana.host ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. @@ -178,6 +211,16 @@ # backend: # serviceName: ssl-redirect # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: use-annotation + + tls: - secretName: grafana-server-tls hosts: @@ -201,15 +244,19 @@ ## tolerations: [] -## Affinity for pod assignment +## Affinity for pod assignment (evaluated as template) ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} +## Additional init containers (evaluated as template) +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## extraInitContainers: [] ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod -extraContainers: | +extraContainers: "" +# extraContainers: | # - name: proxy # image: quay.io/gambol99/keycloak-proxy:latest # args: 
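Review bot: The added comment `# pathType is only for k8s >= 1.1=` in the ingress hunk (-170,6 +199,10) is truncated, so a reader cannot tell which cluster versions accept the new `pathType: Prefix` key. The field arrived with Kubernetes 1.18 and is mandatory in `networking.k8s.io/v1`, so something like `# pathType requires k8s >= 1.18 and is mandatory for networking.k8s.io/v1 Ingress` would state the constraint. The ingress block starts and ends outside the hunk.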
@@ -247,9 +294,22 @@ finalizers: - kubernetes.io/pvc-protection # selectorLabels: {} + ## Sub-directory of the PV to mount. Can be templated. # subPath: "" + ## Name of an existing PVC. Can be templated. existingClaim: grafana-pvc + ## If persistence is not enabled, this allows to mount the + ## local storage in-memory to improve performance + ## + inMemory: + enabled: false + ## The maximum usage on memory medium EmptyDir would be + ## the minimum value between the SizeLimit specified + ## here and the sum of memory limits of all containers in a pod + ## + # sizeLimit: 300Mi + initChownData: ## If false, data ownership will not be reset at startup ## This allows the prometheus-server to be run with an arbitrary user @@ -282,6 +342,7 @@ # Use an existing secret for the admin user. admin: + ## Name of the secret. Can be templated. existingSecret: "grafana-credentials" userKey: admin-user passwordKey: admin-password @@ -322,8 +383,8 @@ env: {} -## "valueFrom" environment variable references that will be added to deployment pods -## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core +## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core ## Renders in container spec as: ## env: ## ... @@ -331,6 +392,10 @@ ## valueFrom: ## <value rendered as YAML> envValueFrom: {} + # ENV_NAME: + # configMapKeyRef: + # name: configmap-name + # key: value_key ## The name of a secret in the same kubernetes namespace which contain values to be added to the environment ## This can be useful for auth tokens, etc. Value is templated. 
@@ -340,6 +405,25 @@ ## This can be useful for auth tokens, etc envRenderSecret: {} +## The names of secrets in the same kubernetes namespace which contain values to be added to the environment +## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. +## Name is templated. +envFromSecrets: [] +## - name: secret-name +## optional: true + +## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment +## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key. +## Name is templated. +## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core +envFromConfigMaps: [] +## - name: configmap-name +## optional: true + +# Inject Kubernetes services as environment variables. +# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables +enableServiceLinks: true + ## Additional grafana server secret mounts # Defines additional mounts with secrets. Secrets must be manually created in the namespace. extraSecretMounts: @@ -376,10 +460,20 @@ ## Additional grafana server volume mounts # Defines additional volume mounts. extraVolumeMounts: [] - # - name: extra-volume - # mountPath: /mnt/volume + # - name: extra-volume-0 + # mountPath: /mnt/volume0 # readOnly: true # existingClaim: volume-claim + # - name: extra-volume-1 + # mountPath: /mnt/volume1 + # readOnly: true + # hostPath: /usr/shared/ + +## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request +lifecycleHooks: {} + # postStart: + # exec: + # command: [] ## Pass the plugins you want installed as a list. ## 
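Review bot: The new commented example under `extraVolumeMounts` (hunk -376,10 +460,20) shows `hostPath: /usr/shared/` without any caveat, next to the safer `existingClaim` variant. A hostPath mount exposes a node directory to the Grafana pod and is rejected by the baseline Pod Security Standard, so anyone who uncomments the example should know the trade-off. Suggest adding above it `# hostPath mounts a node directory into the pod; prefer existingClaim and keep readOnly: true`.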
@@ -467,8 +561,10 @@ # datasource: Prometheus # local-dashboard: # url: https://example.com/repository/test.json + # token: '' # local-dashboard-base64: # url: https://example.com/repository/test-b64.json + # token: '' # b64content: true ## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. @@ -488,7 +584,7 @@ ## grafana.ini: paths: - data: /var/lib/grafana/data + data: /var/lib/grafana/ logs: /var/log/grafana plugins: /var/lib/grafana/plugins provisioning: /etc/grafana/provisioning @@ -560,8 +656,8 @@ ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: image: - repository: kiwigrid/k8s-sidecar - tag: 1.1.0 + repository: quay.io/kiwigrid/k8s-sidecar + tag: 1.19.2 sha: "3d1e7bfda06ca8d00e20e60733d1551bdbb3adb13685167185489b1931365f05" imagePullPolicy: IfNotPresent resources: @@ -571,9 +667,12 @@ requests: cpu: 50m memory: 50Mi + securityContext: {} # skipTlsVerify Set to true to skip tls verification for kube api calls # skipTlsVerify: true enableUniqueFilenames: false + readinessProbe: {} + livenessProbe: {} dashboards: enabled: true SCProvider: true 
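Review bot: Changing `grafana.ini` `paths.data` from `/var/lib/grafana/data` to `/var/lib/grafana/` (hunk -488,7 +584,7) moves where Grafana looks for its state, and the commit description does not mention a migration. On an install already backed by the `grafana-pvc` claim, the old `data/` subdirectory would presumably be left behind and Grafana would start on a fresh database, without the existing users, API keys and dashboards. Document the required move next to the setting, e.g. `# was /var/lib/grafana/data; move existing contents up one level before upgrading`, or keep the old path for upgraded releases.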
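Review bot: In the sidecar image hunk (-560,8 +656,8) `repository` and `tag` change to `quay.io/kiwigrid/k8s-sidecar` and `1.19.2`, but the `sha` line is unchanged context, so the digest almost certainly still belongs to the image pinned for 1.1.0. Depending on how the chart renders the image reference, the pull either fails or resolves by digest to the old image while the tag claims 1.19.2. Replace it with the verified digest of the new image, `sha: "<sha256 digest of quay.io/kiwigrid/k8s-sidecar:1.19.2>"`, or set `sha: ""` until that digest has been checked.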
@@ -583,13 +682,27 @@ folder: /var/dashboards # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead defaultFolderName: null - # If specified, the sidecar will search for dashboard config-maps inside this namespace. + # Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces. # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces + # It's also possible to specify ALL to search in all namespaces. searchNamespace: null - # If specified, the sidecar will look for annotation with this name to create folder and put graph here. - # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both folderAnnotation: null + # Absolute path to shell script to execute after a configmap got reloaded + script: null + # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. + # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S + # watchServerTimeout: 3600 + # + # watchClientTimeout: is a client-side timeout, configuring your local socket. + # If you have a network outage dropping all packets with no RST/FIN, + # this is how long your client waits before realizing & dropping the connection. + # defaults to 66sec (sic!) + # watchClientTimeout: 60 + # # provider configuration that lets grafana manage the dashboards provider: # name of the provider, should be unique 
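Review bot: `resource: both` under `sidecar.dashboards` makes the sidecar search Secrets as well as ConfigMaps, so the Grafana service account needs list/watch on Secrets in every namespace it searches. The same value is added for datasources and plugins in hunk -614,6 +731,40 and for notifiers in hunk -622,6 +773,10. Nothing visible here stores dashboards or datasources in Secrets, so `resource: configmap` would keep the token's reach narrower; if `both` is intended, the chart's Role should be checked to see what it actually grants. The two comment lines that described `folderAnnotation` are also removed without replacement, which leaves that key sitting under the `resource` comment with no explanation.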
@@ -606,6 +719,10 @@ allowUiUpdates: #@ data.values.monitoring.grafana.dashboards.editable # allow Grafana to replicate dashboard structure from filesystem foldersFromFilesStructure: false + # Additional dashboard sidecar volume mounts + extraMounts: [] + # Sets the size limit of the dashboard sidecar emptyDir volume + sizeLimit: {} datasources: enabled: false # label that the configmaps with datasources are marked with 
@@ -614,6 +731,40 @@ # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # Endpoint to send request to reload datasources + reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" + skipReload: false + # Deploy the datasource sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any datasources defined at startup time. + initDatasources: false + # Sets the size limit of the datasource sidecar emptyDir volume + sizeLimit: {} + plugins: + enabled: false + # label that the configmaps with plugins are marked with + label: grafana_plugin + # value of label that the configmaps with plugins are set to + labelValue: null + # If specified, the sidecar will search for plugin config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces + searchNamespace: null + # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. + watchMethod: WATCH + # search in configmap, secret or both + resource: both + # Endpoint to send request to reload plugins + reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" + skipReload: false + # Deploy the datasource sidecar as an initContainer in addition to a container. + # This is needed if skipReload is true, to load any plugins defined at startup time. 
+ initPlugins: false + # Sets the size limit of the plugin sidecar emptyDir volume + sizeLimit: {} notifiers: enabled: false # label that the configmaps with notifiers are marked with @@ -622,6 +773,10 @@ # Otherwise the namespace in which the sidecar is running will be used. # It's also possible to specify ALL to search in all namespaces searchNamespace: null + # search in configmap, secret or both + resource: both + # Sets the size limit of the notifier sidecar emptyDir volume + sizeLimit: {} ## Override the deployment namespace ## @@ -647,8 +802,9 @@ # extra environment variables env: HTTP_HOST: "0.0.0.0" - # RENDERING_ARGS: --disable-gpu,--window-size=1280x758 + # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758 # RENDERING_MODE: clustered + # IGNORE_HTTPS_ERRORS: true # image-renderer deployment serviceAccount serviceAccountName: "" # image-renderer deployment securityContext @@ -658,11 +814,17 @@ # image-renderer deployment priority class priorityClassName: '' service: + # Enable the image-renderer service + enabled: true # image-renderer service port name portName: 'http' # image-renderer service port used by both service and deployment port: 8081 targetPort: 8081 + # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana + grafanaProtocol: http + # In case a sub_path is used this needs to be added to the image renderer callback + grafanaSubPath: "" # name of the image-renderer port on the pod podPortName: http # number of image-renderer replica sets to keep 
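Review bot: The commented image-renderer examples in hunk -647,8 +802,9 now suggest `--no-sandbox` in `RENDERING_ARGS` and `IGNORE_HTTPS_ERRORS: true`, with nothing saying what they cost. The first drops Chromium's sandbox for a process that renders dashboard content, and the second turns off certificate validation on the renderer's requests to Grafana. Suggest a caveat above them such as `# --no-sandbox and IGNORE_HTTPS_ERRORS weaken renderer isolation / TLS checks; enable only when the runtime requires it`. Also, if the value is ever uncommented, quote it (`IGNORE_HTTPS_ERRORS: "true"`), because env values must be strings.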
@@ -679,3 +841,86 @@ # requests: # cpu: 50m # memory: 50Mi + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + nodeSelector: {} + + ## Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Affinity for pod assignment (evaluated as template) + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + +networkPolicy: + ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + ## @param networkPolicy.allowExternal Don't require client label for connections + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to grafana port defined. + ## When true, grafana will accept connections from any source + ## (with the correct destination port). + ## + ingress: true + ## @param networkPolicy.ingress When true enables the creation + ## an ingress network policy + ## + allowExternal: true + ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed + ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the grafana. + ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. 
+ ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + ## + explicitNamespacesSelector: {} + ## + ## + ## + ## + ## + ## + egress: + ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be + ## created allowing grafana to connect to external data sources from kubernetes cluster. + enabled: false + ## + ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress + ports: [] + ## Add ports to the egress by specifying - port: <port number> + ## E.X. + ## ports: + ## - port: 80 + ## - port: 443 + ## + ## + ## + ## + ## + ## + +# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option +enableKubeBackwardCompatibility: false +useStatefulSet: false +# Create a dynamic manifests via values: +extraObjects: [] + # - apiVersion: "kubernetes-client.io/v1" + # kind: ExternalSecret + # metadata: + # name: grafana-secrets + # spec: + # backendType: gcpSecretsManager + # data: + # - key: grafana-admin-password + # name: adminPassword
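Review bot: In the new `networkPolicy` block (hunk -679,3 +841,86) the `@param` comments are attached to the wrong keys. The `networkPolicy.allowExternal` description sits above `ingress: true`, and the `networkPolicy.ingress` description sits above `allowExternal: true`. Someone tightening access could therefore flip `ingress` expecting to require the client label, so swap the two comment blocks so that each precedes its own key. With `enabled: false` and `allowExternal: true` as shipped, no policy is created; a one-line comment should state that the Grafana port stays reachable from any pod unless another policy restricts it.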